# -*- coding: utf-8 -*-
from pylons import response

from zope.interface import implements
from repoze.who.interfaces import IAuthenticator
from repoze.who.interfaces import IMetadataProvider
from repoze.what.adapters import BaseSourceAdapter, SourceError
from repoze.who.plugins.basicauth import BasicAuthPlugin
from repoze.who.plugins.friendlyform import FriendlyFormPlugin
from repoze.who.plugins.auth_tkt import AuthTktCookiePlugin , _bool as asbool

from repoze.what.middleware import setup_auth
from afpy.ldap import auth
from afpy.ldap.connection import Connection

from craneserver.lib.ldap import User
from craneserver.lib.ldap import Role
from repoze.who.plugins.use_beaker import UseBeakerPlugin
import os
import logging

log = logging.getLogger(__name__)

def make_auth(app, global_conf, **local_conf):

    section = local_conf.get('ldap.section', 'ldap')
    config_file = local_conf.get('ldap.config',
        os.path.expanduser('~/.ldap.cfg'))
    conn = Connection(section, filename=config_file)

    basicauth = BasicAuthPlugin('CRANE Portal')

    cookieAuthTkt = AuthTktCookiePlugin(
        local_conf['identifier.secret'],
        local_conf['identifier.key'],
        asbool(local_conf['identifier.secure'],),
        asbool(local_conf['identifier.includeip']),
        int(local_conf['identifier.timeout']),
        int(local_conf['identifier.reissue_time']),
        None)

    useBeaker = UseBeakerPlugin(key_name='identity',
        delete_on_logout=asbool(local_conf['beaker.session.cookie_expires']))

    loginform_useBeaker = FriendlyFormPlugin(
        login_form_url="/session/login",
        login_handler_path="/session/handleLogin",
        post_login_url="/session/verifyLogin",
        logout_handler_path="/session/logout",
        post_logout_url="/session/verifyLogout",
        login_counter_name="attempts",
        rememberer_name="useBeaker")

    loginform_cookieAuthTkt = FriendlyFormPlugin(
        login_form_url="/session/login",
        login_handler_path="/session/handleLogin",
        post_login_url="/session/verifyLogin",
        logout_handler_path="/session/logout",
        post_logout_url="/session/verifyLogout",
        login_counter_name="attempts",
        rememberer_name="cookieAuthTkt")

    identifiers=[
        #("loginform_cookieAuthTkt", loginform_cookieAuthTkt),
        ("loginform_useBeaker", loginform_useBeaker),
        ("useBeaker", useBeaker),
        #("cookieAuthTkt", cookieAuthTkt),

    ]
    challengers=[
        #("loginform_cookieAuthTkt", loginform_cookieAuthTkt),
        ("loginform_useBeaker", loginform_useBeaker),
    ]

    authenticators=[("accounts", auth.Authenticator(conn))]
    groups = {'all_groups': auth.GroupAdapter(conn)}
    permissions = {'all_perms': auth.PermissionAdapter(conn, use_permissions=False)}
    mdproviders=[("accounts", auth.MDPlugin(conn))]

    return setup_auth(app,
        groups,
        permissions,
        identifiers = identifiers,
        authenticators = authenticators,
        challengers = challengers,
        mdproviders = mdproviders)
